This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.SCHNEIDER_ELECTRIC_CGATE_ICSA-21-105-01.NBINSchneider Electric C-Gate < 2.11.6 Multiple Vulnerabilities
The Schneider Electric C-Gate running on the remote host is affected by multiple vulnerabilities :
-
A path traversal vulnerability exists within the processing of commands sent to the C-Gate server. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An authenticated, remote attacker can leverage this vulnerability to execute code in the context of SYSTEM. (CVE-2021-22717)
-
A path traversal vulnerability exists within the processing of commands sent to the C-Gate server. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An authenticated, remote attacker can leverage this vulnerability to execute code in the context of SYSTEM. (CVE-2021-22719)
-
A path traversal vulnerability exists within the processing of commands sent to the C-Gate server. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An authenticated, remote attacker can leverage this vulnerability to disclose information in the context of SYSTEM. (CVE-2021-22720)
Note that Nessus has not tested for the issue but has instead relied only on the application’s self-reported version number.
Binary data schneider_electric_cgate_icsa-21-105-01.nbin| Vendor | Product | Version | CPE |
|---|---|---|---|
| schneider-electric | c-gate | x-cpe:/a:schneider-electric:c-gate |
Related
